[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes



On 12/17/2016 3:58 PM, podmo wrote:


Agree Intel needs to do a much better job documenting the capabilities,

The most detailed documentation Intel has issued on the ME is probably the 2014 book "Platform Embedded Security Technology Revealed" by Dr. Xiaoyu Ruan, who is an Intel employee who has a major role in designing software for the ME. It's not really a ME design document so much as a book about designing hardware/software secure platforms that uses the ME as an example and goes into some detail about its design.

Not all Intel chipsets support AMT (check Intel's website for which ones do, but most consumer PC/laptop chipsets don't), and for every version of ME firmware there are two releases, one for chipsets with AMT support and one for chipsets without. Chipsets which support AMT can have the ME firmware updated remotely if it's signed properly and the AMT password is entered or bypassed somehow. Chipsets without AMT support cannot be updated remotely AFAIK.

If somebody got their hands on the Intel ME toolset and private signing keys they could create a custom version of ME firmware that could do just about anything, including accessing almost all the PC's RAM at any time. But getting it on the machine is the trick. Without AMT support it would require physical access to the machine, but then you can do just about anything anyway with physical access.

Could always use a third party NIC instead of the
onboard one too.

Yes.


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk